Bad Information Can Be Deadly

Bad info kills. Is it true that Yemen officials gave US bad intelligence info prompting a missile strike which killed a Yemeni Political instead of an al Qaeda leader as the US was told? Acting on bad info in any business impacts results in major kinds of ways. No doubt Jabir Shabwani, a guy “mistakenly” killed would agree that bad info can be deadly.

Are You Killing Me?

Read more in the Wall Street Journal, “U.S. Doubts Intelligence That Led to Yemen Strike” on December 29, 2011

Take Information Management Seriously

Criminal charges are being brought against BP engineers for the disaster of the Deep Horizon—the Gulf explosion that took 11 lives and created the worst environmental accident in US history. Apparently, the guys gave bad information to regulators which down played the risks of the deep water drilling operations. You think if the engineers, who are being CRIMINALLY prosecuted, got a “do over” they would make the same decisions as before. If providing bad information, destroying needed information and not retaining information can be the basis of prosecution than we should be taking its management more seriously?

Just saying, Are You Kidding Me?

Read more in the Wall Street Journal “Criminal Charges Are Prepared in BP Spill” December 29, 2011.

Hacking Happens

Information security suggests that you can actually protect your information crown jewels. I am not a security expert, but I do know one thing for certain about security. No matter how much you seek to protect information, and how much money and vigilance you throw at the problem, that still bad guys can and will get to your data nugget if they want to bad enough.

I usually determine how important some business event is to the US or world economy based upon its location in the Wall Street Journal. An imprecise science no doubt, but useful nonetheless to ascertain what matters to our economy. So, when I recently read about the US Chamber of Congress getting hacked by the Chinese, I took note that it was the first article on the front page and took up more space on page 4 of the first section. So what, hacking happen every day, all day long. But this one was special because the Chinese hackers grabbed US policy toward China and allowed the bad guys to watch the policy wonks inside the Chamber for over a year, says the FBI. The attack was sophisticated and as a result was undetected by the Chamber until the FBI told them of it recently.

Not only did the Chinese hackers have access to policy documents, email accounts, and all sorts of important information, but they also may have gotten access to Chamber members company email accounts and messages. The hackers even hacked a thermostat at a condo owned by the Chamber and a Chamber printer now inexplicably prints Chinese characters on documents.

Yikes! I was invited to China by a wonderful academic and met with several of her students a short while ago in Beijing. After communicating with the various Chinese students to work out logistics, inexplicably my computer started to change content from English to Chinese characters. If that wasn’t bad enough, the translated characters, were actually “dirty” words usually of a sexual nature. I retired the computer early to protect our reputation but wonder, why bother with my boring email. If someone cares about my stuff they must care about lots of stuff which we don’t think is important. If we don’t think it’s important, I bet we aren’t so vigilant about protecting it. If that’s true, I bet we get lots of stuff hacked that we don’t even know about. Heck even our vigilant folks get exposed.

Are you kidding me.

A Silly Little GLITCH. . . Really???

Repeat after me-when information is in electronic form, the accuracy doesn’t matter, provided that a GLITCH caused the issue. And if there are mistakes in the data, there is no harm because it is caused by a silly little old GLITCH. Take for example, the English organ transplant organization, that had to admit to the government and all those nice people waiting for an organ transplant that it made a small boo-boo. Well, it wasn’t the people that made the mistake, it was a computer glitch. Therefore the downside is rather limited—right?

“The health organisation, which is responsible for the Organ Donation Register (ODR), was found to have recorded the preferences of 444,031 people incorrectly due to a software error which dated back to 1999.” http://www.itpro.co.uk/630274/over-400-000-organ-donation-details-stored-incorrectly

Imagine a middle aged peaked chap, (let’s call him Nigel as that seems brilliantly British) was waiting patiently on the list for a liver and his life depended on it. Because of the GLITCH the transplant list indicated that he was waiting on a butt transplant from a brilliant member of the staff at a prestigious university. And he waits and waits and the butt never shows up.

What’s the big deal about waiting. Imagine, several livers happened by that would have been a match for Nigel but he never was notified because he was looking for a smart @$$.

Are You Kidding Me.

Own the problem. Make it Right.

“Records are neither good nor bad. They just are. Records are neither good nor bad. They just are. Records are neither good nor bad. They just are,” muttered Hansel and Gretel as they reviewed the records of consumed children meticulously kept by the terrible Witch and contemplated their fate of swimming in the cauldron of boiling water.

I am asked all the time about building records programs and “dealing” with litigation proactively. I tell them REALLY clearly to refrain from managing information based upon what may be relevant in litigation, audit or investigation in the future. In other words, don’t architect a RIM program to proactively destroy what you think will hurt you down the road. Build a RIM program for maximizing business value. If something hurts you later on, your lawyers will need to deal with it later.

A pharmaceutical company scientist communicates in email about the efficacy of a drug compound, calling it into question based solely on her personal opinion but no science. Not the right place to question a drug compound efficacy (as drugs are always subject to lawsuits and this piece of evidence will no doubt be unearthed and serve as “proof” of substandard drug quality) but it now exists and may be relevant and discoverable down the road. Good policies, thorough training, and vigilant compliance efforts can deal with a lot of risk exposure but in the end if you hire knuckleheads, then they may hurt your organization.

I read a recent article in “Rolling Stone” magazine about the “The Catholic Church’s Secret Sex-Crime Files.” Among other things, the article is about what the church did wrong in hiding records of child molestation and covering up crimes by Church officials. What struck me about the article is that the author focused on the fact that the Church has kept meticulous files on so many molesters and how it covered up the crimes, over decades. Adding insult to injury, the Church has also kept the files in a place called the “Secret Archive”. This is example is not about faith or my beliefs on such a travesty - simply poor business practices.

You need to keep records of your business. You would want to track bad acts of your employees so you can correct behavior. You would likely keep records of claims made for harm caused by your business or its employees. But referring to the records you don’t want to expose to the world about child molestation and the cover up that ensued for years as “secret archives” makes you look like you know you have something to hide.

Whether a pharmaceutical company or the Church, good business is documented in good record keeping. Build it for transparency. Built it to support all the good business you do. And when records hurt the organization, don’t sweep it under the rug. Own the problem and make it right.

HIPAA Violations - There Are Consequenses

“There are no consequences. There are no consequences. There are no consequences.” And soon thereafter the Wicked Witch of the West “witch slapped” the Kansas smile right off of Dorothy.

A guy was recently charged with violating the Health Insurance Portability and Accountability Act of 1996(HIPAA), which carries a maximum penalty of 10 years in prison, and a fine of $250,000.

As the story goes, confidential medical records were found in a dumpster which apparently belonged to Avalon Centers Inc., a former eating disorder clinic. The defendant is charged with taking the confidential records. However, he claims he did not look through the records that he took and that he did not take any patient files. So for his “innocent until proven guilty” attitude, he is being charged with improperly obtaining and disclosing individually identifiable health information.

Dorothy, Are You Kidding Me!

Your Business Needs to Rightsize

A Dozen Really Good Reasons Why Your Business Needs to Rightsize its Information Footprint

“Rightsizing Your Information Footprint” is my made-up term for turning your Information Parking Lots into a Goldie Locks and the Three Bears amount of information — not too much, not too little, but just the right amount. There is too much digital content with more created continuously. We need to clean up the past in a defensible way. While the daisies are beautiful at the beginning of their life, they lose their appeal as they decay. The same is generally true for information. Businesses also need a better path forward so that content comes into being because the business needs it, and all records are better managed.

Too much stuff, you fail to be business efficient and you get your clock cleaned when litigation strikes.
Too little information, you can’t run your business and you fail to comply with record keeping requirements, among other things.

So here are 12 remarkably compelling reasons to Rightsize, right now:

1. Information is growing at such a rapid rate that costs related to storing, finding, using, migrating, extracting, preserving information are too high
2. Knowing what information exists and where it is parked to be able to efficiently run your business is too complex
3. Technology has failed to find a good way to manage content with little impact to employee productivity (but Kahn is working on auto-classification to help)
4. Employees get too much content to be able to properly manage it
5. Content has sat for years in old Information Parking Lots and it is a decaying asset (Working on my new book called Chucking Daisies to help companies deal with this precise issue)
6. Companies spend too much time looking through way too much irrelevant stuff to respond to litigation, audits and investigations
7. Companies have out of date records used against them in litigation, which could have been disposed earlier
8. Systems are breaking down or no longer work as efficiently as they should, due to information volume burden
9. Data parking lots are being ill-managed and that failure is causing other failures, not the least of which is failing to harness needed information to be “faster, better and cheaper.”
10. Going Green. No list is complete until it has a bit of Green. Technology is using all kinds of energy and by cutting your energy, emission and every other relevant footprint, you are greener, you look better to the outside world and maybe the marketers have something Green to say about the effort
11. Information finds itself on unsanctioned data Parking Lots, when sanctioned ones fill up, making life more challenging
12. Along with volume, growth has been the creator of many new Information Parking Lots (Smart phones, Cloud, Twitter, Blogs, etc.) which makes management that much more challenging

Rightsizing will never be as easy as it is right now as information Parking Lots grow and grow. Clean house of digital data junk. Develop a thoughtful plan for future information retention. Rightsize now because it’s good business.